Welcome To Wallon

Turns out I was wrong about the socially engineered spam I wrote about a few days back. Prompted by some readers’ comments, I asked Sophos about it. This is what Carole Theriault has to say about it:

This is mass-mailing worm. It is call Wallon-A.
Essentially, it goes to a dodgy website and downloads a dialler program. Diallers change your modem connection number to a premium rate number without your knowledge or consent…. This is essentially unsolicited mail with a dodgy link.

Roger Thompson of PestPatrol tells me: “it’s a mass mailer, but no attachment… just a URL. The URL goes through a bunch of redirections until it gets to the real website, where it downloads the payload using one of the current exploits.”